Jukka Svahn
Jukka's posts

Post has attachment
Heard of Composer? Want to use it with Textpattern? Me too. So, I did.

I've always wanted a better option to manage Textpattern plugins, and especially their dependencies. And then Composer came, an actually good dependency (and package) manager for PHP, and then later on it got custom installer support, making it a potential candidate for better and more advanced Textpattern plugin management.

For the past few weeks, I've been working on everything Composer, which has resulted in a situation where plugins can be distributed as Composer packages. I've created an installer for the themes and plugins, a way to tell the Textpattern version to Composer and have it as a dependency, created a dependency autoloader and slowly made my own plugins available as Composer packages. I've even forked some old plugins to Composer infrastructure.

The whole Composer + Textpattern integration consists of three lightweight projects, each of which is a Composer package of its own:

https://github.com/gocom/textpattern-installer
https://github.com/gocom/textpattern-lock
https://github.com/gocom/rah_autoload

What Composer allows you to do is to define a complex set of dependencies, and it will handle installing them with a single command line. You don't have to worry about manually installing and uploading files, or installing and updating plugins one by one. Composer allows you to declare the assets, plugins, themes and libraries your Textpattern project depends on, and it will install them for you. No downloading, no browsing websites.

Normally, installing plugins and themes requires that you navigate websites, check requirements and instructions, download an installation code, upload it to your Textpattern installation, and go through a semi-automated multi-step installer consisting of confirmation, installation and activation steps. Each time you need to update any of your plugins or your Textpattern version, you need to go through the same long process again, and the more plugins you have, the more time this process takes, since each plugin needs to be updated and checked individually.

I myself was so tired of that. I use Composer for other things, and I see its potential for plugins too. When you don't have to reinvent the wheel, you should not. Just give it new tires. With Composer in place you can install plugins like any other packages it offers, through its simple and common interface.

Basically, I could install all my 5 million (or 52 or some) plugins in a single swipe, in about two seconds depending on the hardware and connection speed. Same goes for any update when one of the plugins gets a new release.

The downside for normal users of course would be that it is a command line application, needs to run on the server too when deploying and goes to the more 'advanced' section altogether. But for actual developers, it's pretty much an ideal solution. It for one saves time, but also makes plugins more consistent compared to other PHP scripts and even makes them VCS friendly.

Post has attachment
That is pretty neat and simple. Does the href have any encoding requirements? The permlink tag doesn't necessarily generate valid URIs and it encodes output for safe HTML use (partially?), but not for URIs technically.

With the default sanitizer methods (which are pluggable), and if URL title generation is left to Textpattern, it will generate 'correct' URIs with no actual injection vulnerabilities, but nonetheless the deployed final encoding is 'wrong'.

One of the big mistakes in Textpattern's codebase is (up to 4.6-dev) the use of the wrong encoding and sanitization methods for different tasks. Which leads to annoying patching tasks, borked backwards compatibility and ultimately XSS. Freaking died out of laughter when I saw PHP's htmlspecialchars() being responsible for encoding query string components and JSON values.
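
The encoding mismatch described in this post, as an added example that is not part of the original post or of Textpattern's code: it contrasts `htmlspecialchars()` used for a query string component and a JSON value with one encoder per output context. The helper names `html_attr`, `uri_component`, `json_value` and `query_q`, the `/search?q=` URL and the sample title are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample value, not taken from Textpattern or the post.
$title = 'Tom & "Jerry" \ 50% off? #1';

// Hypothetical helpers: one encoder per output context.
function html_attr(string $v): string
{
    // HTML text and attribute values.
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function uri_component(string $v): string
{
    // RFC 3986 percent-encoding for a path segment or query value.
    return rawurlencode($v);
}

function json_value(string $v): string
{
    // Quoted, escaped JSON string; the HEX flags keep it inert inside <script>.
    return json_encode($v, JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Reads q back the way a server would, to see whether the value survived.
function query_q(string $url): ?string
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params['q'] ?? null;
}

// Mismatched: HTML escaping doing the job of URI and JSON encoding.
$badUrl  = '/search?q=' . htmlspecialchars($title);
$badJson = '{"title":"' . htmlspecialchars($title) . '"}';

// Matched: encode for the URI first, then escape the whole URI for the attribute.
$goodUrl  = '/search?q=' . uri_component($title);
$goodHref = '<a href="' . html_attr($goodUrl) . '">' . html_attr($title) . '</a>';
$goodJson = '{"title":' . json_value($title) . '}';

var_dump(query_q($badUrl) === $title);   // does the query value round-trip?
var_dump(query_q($goodUrl) === $title);
var_dump(json_decode($badJson, true));   // null means the document failed to parse
var_dump(json_decode($goodJson, true)['title'] === $title);
echo $goodHref, PHP_EOL;
```

The order in the matched version matters: the value is percent-encoded for the URI first, and the finished URI is then HTML-escaped as a whole when it is written into the `href` attribute.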